Trusteer launches Mobile Risk Engine

Thursday 30 May 2013 | 11:10 AM
CET

Trusteer, a provider of endpoint cybercrime prevention solutions, has released the Trusteer Mobile Risk Engine to protect financial institutions against mobile and PC-to-mobile (cross-channel) attacks.

The newly launched product detects and stops account takeover from mobile devices by identifying criminal access attempts. It also identifies devices that are vulnerable to compromise by malware and those that have been infected. Mobile malware is commonly used to bypass strong authentication methods such as SMS One-Time Passwords (SMS OTP).

The web-based service includes the following client-side components:
• Trusteer Mobile SDK - a security library that is embedded in a native mobile banking app and generates a device ID and device risk factors that are fed into the risk engine;
• Trusteer Mobile App - a browser that is built on top of the SDK and provides device ID and device risk factors for mobile web access to online banking. By securing both the native app and requiring web access via a secure browser, financial institutions can ensure all mobile access and transactions are evaluated for fraud risk;
• Trusteer Mobile Out-of-Band Authentication - a login and transaction verification solution that is used to ensure access to sensitive operations are initiated by the genuine account holder;
• Mobile Risk API - allows mobile device risk data collected by banking applications to be integrated into the Mobile Risk Engine without deploying a Trusteer client-side component.

Trusteer Mobile Risk Engine can also be integrated with 3rd party authentication systems (to drive step-up authentication for high risk access) and other risk engines.

According to a recent report by Javelin Research1, mobile banking is now used by 33 percent of mobile consumers, up from 24 percent in 2011. Of the top 25 US financial institutions, about half are offering mobile person-to-person transfers and mobile remote deposit capabilities, a figure that has more than doubled since 2011. This steady increase in adoption is putting the mobile channel in the crosshairs of account takeover attacks that are launched using credentials stolen from customers via phishing and malware attacks. The FFIEC guidance for electronic banking requires layered security, continuous risk assessment and complex device fingerprinting to reduce the risk of fraud, and clearly includes the mobile channel.